mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-18 00:21:25 +01:00
60643d379b
(Including all changes for FreeBSD - importing the original eBones distribution would be too complex at this stage, since I don't have access to Piero's CVS.) (If you want to include eBones in your system, don't forget to include MAKE_EBONES in /etc/make.conf.) (This stuff is now also suppable from braae.ru.ac.za.) Bones originally from MIT SIPB. Original port to FreeBSD 1.x by Piero Serini. Moved to FreeBSD 2.0 by Doug Rabson and Geoff Rehmet. Nice bug fixes from Doug Rabson.
118 lines
2.7 KiB
Groff
118 lines
2.7 KiB
Groff
.\" from: kadmind.8,v 4.1 89/07/25 17:28:33 jtkohl Exp $
|
|
.\" $Id: kadmind.8,v 1.2 1994/07/19 19:27:25 g89r4222 Exp $
|
|
.\" Copyright 1989 by the Massachusetts Institute of Technology.
|
|
.\"
|
|
.\" For copying and distribution information,
|
|
.\" please see the file <Copyright.MIT>.
|
|
.\"
|
|
.TH KADMIND 8 "Kerberos Version 4.0" "MIT Project Athena"
|
|
.SH NAME
|
|
kadmind \- network daemon for Kerberos database administration
|
|
.SH SYNOPSIS
|
|
.B kadmind
|
|
[
|
|
.B \-n
|
|
] [
|
|
.B \-h
|
|
] [
|
|
.B \-r realm
|
|
] [
|
|
.B \-f filename
|
|
] [
|
|
.B \-d dbname
|
|
] [
|
|
.B \-a acldir
|
|
]
|
|
.SH DESCRIPTION
|
|
.I kadmind
|
|
is the network database server for the Kerberos password-changing and
|
|
administration tools.
|
|
.PP
|
|
Upon execution, it prompts the user to enter the master key string for
|
|
the database.
|
|
.PP
|
|
If the
|
|
.B \-n
|
|
option is specified, the master key is instead fetched from the master
|
|
key cache file.
|
|
.PP
|
|
If the
|
|
.B \-r
|
|
.I realm
|
|
option is specified, the admin server will pretend that its
|
|
local realm is
|
|
.I realm
|
|
instead of the actual local realm of the host it is running on.
|
|
This makes it possible to run a server for a foreign kerberos
|
|
realm.
|
|
.PP
|
|
If the
|
|
.B \-f
|
|
.I filename
|
|
option is specified, then that file is used to hold the log information
|
|
instead of the default.
|
|
.PP
|
|
If the
|
|
.B \-d
|
|
.I dbname
|
|
option is specified, then that file is used as the database name instead
|
|
of the default.
|
|
.PP
|
|
If the
|
|
.B \-a
|
|
.I acldir
|
|
option is specified, then
|
|
.I acldir
|
|
is used as the directory in which to search for access control lists
|
|
instead of the default.
|
|
.PP
|
|
If the
|
|
.B \-h
|
|
option is specified,
|
|
.I kadmind
|
|
prints out a short summary of the permissible control arguments, and
|
|
then exits.
|
|
.PP
|
|
When performing requests on behalf of clients,
|
|
.I kadmind
|
|
checks access control lists (ACLs) to determine the authorization of the client
|
|
to perform the requested action.
|
|
Currently three distinct access types are supported:
|
|
.TP 1i
|
|
Addition
|
|
(.add ACL file). If a principal is on this list, it may add new
|
|
principals to the database.
|
|
.TP
|
|
Retrieval
|
|
(.get ACL file). If a principal is on this list, it may retrieve
|
|
database entries. NOTE: A principal's private key is never returned by
|
|
the get functions.
|
|
.TP
|
|
Modification
|
|
(.mod ACL file). If a principal is on this list, it may modify entries
|
|
in the database.
|
|
.PP
|
|
A principal is always granted authorization to change its own password.
|
|
.SH FILES
|
|
.TP 20n
|
|
/kerberos/admin_server.syslog
|
|
Default log file.
|
|
.TP
|
|
/kerberos
|
|
Default access control list directory.
|
|
.TP
|
|
admin_acl.{add,get,mod}
|
|
Access control list files (within the directory)
|
|
.TP
|
|
/kerberos/principal.pag, /kerberos/principal.dir
|
|
Default DBM files containing database
|
|
.TP
|
|
/.k
|
|
Master key cache file.
|
|
.SH "SEE ALSO"
|
|
kerberos(1), kpasswd(1), kadmin(8), acl_check(3)
|
|
.SH AUTHORS
|
|
Douglas A. Church, MIT Project Athena
|
|
.br
|
|
John T. Kohl, Project Athena/Digital Equipment Corporation
|